Windows 2008 Active Directory Install – DNS Issues

Tags: active-directory, domain-name-system, windows-server-2008

I am attempting to set up a standalone Windows 2008 (R2) server with Active Directory Domain Services. This install is purely for development purposes.

I have installed the OS just fine, and I have been through and added the ADDS role, which in turn adds the DNS role. Everything installs just fine and I can run dcpromo, which appears to complete successfully; however, after the required reboot I can log in using the new domain admin credentials, but the event log reports various issues with the ADDS service and I am unable to open any of the related management interfaces.

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Computer:      computer.domain.local

The local domain controller could not connect with the following domain controller hosting the following directory partition to resolve distinguished names.

Domain controller:

Directory partition:
domain.local

As this install was for development purposes, I was advised to use .local, although I have now run through the setup with various different configurations but I always hit the same issue.

Looking at other posts, I have tried:

dcdiag /e /fix

This returns the following message:

Ldap search capability attribute search failed on server computername, return value = 81

Not sure if this is a clue to anything?

I am fairly sure this is DNS related, as it seems the server cannot be found. I can confirm that my NIC is looking at 127.0.0.1 as its primary DNS server.

Any advice would be much appreciated.

UPDATE:

Digging deeper, I've found this event error:

The DNS server was unable to create the built-in directory partition

Best Answer

Error 81 means the server is unreachable. Use err.exe from download.microsoft.com to look up the error and you will see the following:

LDAP_SERVER_DOWN winldap.h

"The DNS server was unable to create the built-in directory partition" means it was trying to create the DC=DomainDNSZones,DC=Domain,DC=Local and DC=ForestDNSZones,DC=Domain,DC=Local application partitions. To do that it would have to contact the domain naming master FSMO role holder (which is the only DC that you have). I wouldn't worry about this just yet, as the zones (_msdcs.domain.local and domain.local) are likely stored in the domain partition at the moment, beneath CN=MicrosoftDNS,CN=System,DC=Domain,DC=Local.

I would make sure you don't have any firewall software other than the built-in one. Have you got some 3rd-party AV which bundles a firewall with it installed? You might want to turn all 3rd-party firewalls off, and then the Windows Firewall too (while you troubleshoot), as I don't know what firewall profile is currently active and what rules/traffic is allowed. Do you have more than one network interface on this machine?

Open wf.msc and, in the left pane, click the top-most element and view its properties. Go through each tab for the Domain, Public and Private profiles and turn them all off. DON'T stop any Windows Firewall related services using services.msc.

Running "netstat -ano" will show what ports the server is listening on; there should be entries indicating listening on TCP/UDP ports such as 389, 88, 135, 445 and so on. You need to see if you can connect to those ports from the relevant apps or with some port-scan utility such as portqry.exe from the Windows 2003 Support Tools or Resource Kit. Unfortunately it's not bundled with the OS any more, but it should work if you extract it from the relevant download packages from download.microsoft.com.
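The checks the answer walks through (NIC DNS settings, SRV records, listening ports, firewall state, LDAP bind, and where the DNS zones currently live) can be run in one pass from a PowerShell prompt on the DC itself. The script below is an added example and is not code from the original question or answer; it targets PowerShell 2.0 on Server 2008 R2, so it uses .NET TcpClient and DirectoryEntry instead of portqry.exe or the newer Resolve-DnsName/Get-NetTCPConnection cmdlets. The domain name domain.local and the use of the local computer as the DC are assumptions taken from the question; the Test-Port function and the $ports table are hypothetical names introduced here.

```powershell
# Added troubleshooting script, not from the original answer. Assumes the
# single DC is the local machine and the forest root domain is domain.local
# (the name used in the question); change $Domain to match what dcpromo took.
$Domain = 'domain.local'
$Dc     = $env:COMPUTERNAME

"=== 1. DNS client settings on each enabled NIC ==="
# On a lone DC the first DNS server should be this server's own address or
# 127.0.0.1. A second NIC pointing elsewhere is a classic cause of error 81.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Select-Object Description, IPAddress, DNSServerSearchOrder | Format-List

"=== 2. SRV records dcpromo/netlogon should have registered ==="
# If these fail against 127.0.0.1, AD cannot locate its own DC.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 127.0.0.1
nslookup -type=SRV "_kerberos._tcp.$Domain" 127.0.0.1

"=== 3. Firewall profile state (all should be OFF while troubleshooting) ==="
netsh advfirewall show allprofiles state

"=== 4. Are the AD ports listening and reachable? ==="
# Hypothetical helper: a TCP connect with a timeout, usable without portqry.
function Test-Port {
    param([string]$Computer, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Computer, $Port, $null, $null)
        $ok = $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)
        if ($ok) { $client.EndConnect($async) }
        return ([bool]$ok -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}
$ports = @{ 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP';
            445 = 'SMB'; 636 = 'LDAPS'; 3268 = 'Global Catalog' }
foreach ($p in ($ports.Keys | Sort-Object)) {
    $state = if (Test-Port -Computer $Dc -Port $p) { 'open' } else { 'CLOSED' }
    "{0,-5} {1,-22} {2}" -f $p, $ports[$p], $state
}
# Cross-check with what the OS itself says is listening (the answer's netstat step).
netstat -ano | findstr /R ":389 .*LISTENING :88 .*LISTENING :135 .*LISTENING :445 .*LISTENING"

"=== 5. LDAP bind and location of the DNS zones ==="
# A bind failure here ("server is not operational") is the same condition
# dcdiag reports as return value 81 / LDAP_SERVER_DOWN.
try {
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Dc/RootDSE")
    $domainDn = $root.Properties['defaultNamingContext'].Value
    "LDAP bind OK. defaultNamingContext = $domainDn"

    # The application partitions the DNS event complains about show up in
    # namingContexts once they exist; until then the zones sit in the domain
    # partition under CN=MicrosoftDNS,CN=System, as the answer explains.
    $ncs = @($root.Properties['namingContexts'])
    "DomainDnsZones partition present: " + [bool]($ncs -match '^DC=DomainDnsZones,')
    "ForestDnsZones partition present: " + [bool]($ncs -match '^DC=ForestDnsZones,')

    $legacy = New-Object System.DirectoryServices.DirectoryEntry(
        "LDAP://$Dc/CN=MicrosoftDNS,CN=System,$domainDn")
    "Zones stored in the domain partition:"
    $legacy.Children | ForEach-Object { "  " + $_.Properties['name'].Value }
} catch {
    "LDAP bind to $Dc FAILED: " + $_.Exception.Message
}
```

Run it from an elevated PowerShell prompt after logging in with the domain admin account. The expected healthy picture is: every enabled NIC lists the DC's own address (or 127.0.0.1) first, both SRV lookups return this server, every port in the table reports open, the LDAP bind succeeds, and the domain.local and _msdcs.domain.local zones are listed under CN=MicrosoftDNS,CN=System even though the DomainDnsZones/ForestDnsZones partitions may still be reported as absent. Whichever step is the first to fail is where to focus; a bind that fails while the ports show open points at name resolution rather than at the firewall.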